NVR - Reston, VA
posted 2 months ago
Full-time - Mid Level
Reston, VA
Credit Intermediation and Related Activities
About the position
NVR, Inc. is seeking a Vendor Risk Management Analyst to join our team on-site at our Reston, VA headquarters. This role is integral to NVR's Vendor Risk Management team, responsible for running the Third-Party Vendor Risk Management program. The analyst will collaborate with cross-functional teams, business stakeholders, and third-party vendors to lead risk assessments and manage third-party risk effectively.
Responsibilities
- Maintain the inventory of third-party vendors and engagements, ensuring compliance with NVR's risk management policies and procedures.
- Conduct third-party risk assessments of new and existing vendors, evaluating and identifying potential risk factors.
- Collaborate with internal account managers and vendors to ensure due diligence questionnaires are prepared and received in a timely manner.
- Establish and maintain effective relationships with third parties, including internal stakeholders, to foster collaboration and ensure alignment on risk management objectives.
- Assist with incident response activities by working with impacted vendors.
- Collaborate with the Procurement organization to onboard and offboard vendors.
- Provide regular operational metrics and status updates for Vendor Risk Management.
- Stay abreast of industry trends, regulatory developments, and emerging risks related to third-party risk management and vendor management.
Requirements
- At least 2-3 years of experience in an information security role or vendor risk management role.
- Strong written communication skills, including the ability to develop and write security assessments, documentation, metrics, and reports.
- Strong planning and organizational skills, with the ability to work with both technical and non-technical personnel.
- Knowledge of security industry practices and standards, including ISO 27001, NIST, etc.
- Bachelor's degree or equivalent in computer science or a related discipline.
- Security-related industry certifications are a plus (e.g., CISA, CISSP, GSEC, Security+).
- Experience with Third-Party Risk Management Platforms (TPRM) is a plus.
- A good understanding of the homebuilding and mortgage industry is a plus.
Nice-to-haves
- Security-related industry certifications (e.g., CISA, CISSP, GSEC, Security+)
- Experience with Third-Party Risk Management Platforms (TPRM)
- Understanding of the homebuilding and mortgage industry
Benefits
- Profit sharing
- Stock ownership through a profit sharing trust as part of retirement savings package
